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Amendments to the Claims : 

1. (Currently Amended) A system comprising: 

a terminal capable of communicating an apparatus programmed to communicate or 
faci li tate communication at least one of within and-or across at least one network, wherein the 
terminal apparatus is included within an organization including a plurality o f terminals 
apparatuses , at least one terminal apparatus having at least one characteristic and being at at least 
one of a plurality of positions within the organization; 

a secondary certification authority (CA) capable of providing processor programmed to 
provide at least one role certificate to the terminal apparatus based upon the at least one position 
of the terminal apparatus within the organization, wherein the organization includes a plurality of 
secondary CA's capable of issuing CA processors programmed to issue at least one role 
certificate to respective groups of terminals apparatuses of the organization; 

a tertiary CA capable of providing processor programmed to provide at least one 
permission certificate to the terminal apparatus b ased upon the at least one characteristic of the 
terminal apparatus that is located at a position within the organization, wherein the organization 
includes a plurality of tertiary CA's capable of issuing CA processors programmed to issue at 
least one permission certificate to respective sub-groups of terminals apparatuses of the 
organization; and 

a server capable of authenticating programmed to authenticate the terminal apparatus 
based upon an identity certificate, the at least one role certificate and the at least one permission 
certificate of the terminal apparatus to thereby determine whether to grant the terminal apparatus 
access to at least one resource of the server. 

2. (Currently Amended) A system according to Claim 1 , wherein the terminal 
apparatus comprises a terminal apparatus included within an organization comprising a customer 
base of a cellular service provider that includes a plurality o f terminals apparatuses , each 
terminal apparatus being at one of a plurality of positions comprising a plurality of service plans 
offered by the cellular network operator, and wherein at least one terminal apparatus has at least 
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one characteristic comprising at least one optional service offered by the cellular network 
operator. 

3. (Currently Amended) A system according to Claim 1, wherein the terminal 
apparatus comprises a terminal apparatus included within an organization comprising a customer 
base of a cellular service provider that includes a plurality o f terminals apparatuses , each 
terminal apparatus being at at least one of a plurality of positions comprising a plurality of 
services offered by the cellular network operator, and wherein at least one tenninal apparatus has 
at least one characteristic comprising at least one optional service offered by the cellular network 
operator. 

4. (Currently Amended) A system according to Claim 1, wherein the tertiary CA 
processor is capable of providing programmed to provide at least one permission certificate each 
having an associated validity time no greater than a validity time of the at least one role 
certificate provided by the secondary CA processor, and no greater than a validity time of the 
identity certificate. 

5. (Currently Amended) A system according to Claim 4, wherein the server is 
capable of authenticating programmed to authenticate the terminal apparatus based upon the 
validity times of the identity certificate, at least one role certificate and at least one permission 
certificate of the respective tenninal apparatus . 

6. (Currently Amended) A system according to Claim 1, wherein the terminal 
apparatus is capable of requesting programmed to request access to at least one resource of a 
server before the server authenticates the t e nninal apparatus , and wherein the server is capable of 
granting programmed to grant access to the at least one resource if the terminal apparatus is 
authenticated. 
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7. (Currently Amended) A method of authenticating a terminal apparatus 
comprising: 

providing a terminal capable of communicating an apparatus programmed to 
communicate or facilitate communication at least one of within aad-or across at least one 
network, wherein the terminal apparatus is included within an organization including a plurality 
o f terminals apparatuses , at least one terminal apparatus having at least one characteristic and 
being at at least one of a plurality of positions within the organization; 

providing at least one role certificate to the t e rminal apparatus from a secondary 
certification authority (CA) processor based upon the at least one position of the terminal 
apparatus within the organization, wherein the organization includes a plurality of secondary 



respective groups of terminals apparatuses of the organization; 

providing at least one permission certificate to the terminal apparatus from a tertiary CA 
processor based upon the at least one characteristic of the terminal apparatus located at a position 
within the organization, wherein the organization includes a plurality of tertiary CA's capable of 



groups of terminals apparatuses of the organization; and 

authenticating the terminal a pparatus at a server based upon an identity certificate, the at 
least one role certificate and the at least one permission certificate of the terminal apparatus t o 
thereby determine whether to grant the terminal apparatus access to at least one resource of the 
server. 

8. (Currently Amended) A method according to Claim 7, wherein providing a 
terminal apparatus comprises providing a terminal apparatus included within an organization 
comprising a customer base of a cellular service provider that includes a plurality o f terminals 
apparatuses , each terminal apparatus being at one of a plurality of positions comprising a 
plurality of service plans offered by the cellular network operator, and wherein at least one 
terminal apparatus has at least one characteristic comprising at least one optional service offered 
by the cellular network operator. 




-CA processors programmed to issue at least one role certificate to 




led to issue at least one permission certificate to respective sub- 
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9. (Currently Amended) A method according to Claim 7, wherein providing a 
terminal apparatus comprises providing a terminal apparatus included within an organization 
comprising a customer base of a cellular service provider that includes a plurality o f terminals 
apparatuses , each terminal apparatus being at at least one of a plurality of positions comprising a 
plurality of services offered by the cellular network operator, and wherein at least one terminal 
apparatus has at least one characteristic comprising at least one optional service offered by the 
cellular network operator. 

1 0. (Original) A method according to Claim 7, wherein providing at least one 
permission certificate comprises providing at least one permission certificate each having an 
associated validity time no greater than a validity time of the at least one role certificate, and no 
greater than a validity time of the identity certificate. 

1 1 . (Currently Amended) A method according to Claim 1 0, wherein authenticating 
the terminal apparatus comprises authenticating the terminal apparatus based upon the validity 
times of the identity certificate, at least one role certificate and at least one permission certificate 
of the respective terminal apparatus . 

12. (Currently Amended) A method according to Claim 7 further comprising: 
requesting, from the terminal apparatus , access to at least one resource of a server before 

authenticating the terminal apparatus : and 

granting access to the at least one resource if the t e rminal apparatus is authenticated. 

1 3 . (Currently Amended) A terminal An apparatus included within an organization 
including a plurality o f terminals apparatuses , each terminal apparatus having at least one 
characteristic and being at at least one of a plurality of positions within the organization, the 
terminal apparatus comprising : 
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a controller capable of communicating programmed to communicate or facilitate 
communication at least one of within and-oracross at least one network, wherein the controller is 
capa b le of obtaining programmed to obtain at least one role certificate from a secondary 
certification authority (CA) processor based upon the at least one position of the terminal 
apparatus within the organization and at least one permission certificate from a tertiary CA 
processor based upon the at least one characteristic of the terminal apparatus that is located at a 
position within the organization, wherein the organization includes a plurality of secondary CA's 
capable of issuing CA processors programmed to issue at least one role certificate to respective 
groups of terminals apparatuses of the organization, and wherein the organization includes a 
plurality of tertiary CA's capable of issuing CA processors programmed to issue at least one 
permission certificate to respective sub-groups of terminals apparatuses of the organizationt«id 

a memory capable of storing an identity certificate, at least one role certificate and at least 
one permission certificate , 

wherein the controller is also capable of communicating programmed to communicate or 
facilitate communication with a server such tha t to thereby enable the server is capable of 
authenticating to authenticate the t e nninal apparatus based upon the-an identity certificate, the at 
least one role certificate and the at least one permission certificate of the terminal apparatus to 
thereby determine whether to grant the terminal apparatus access to at least one resource of the 
server. 

14. (Currently Amended) A terminal A n apparatus according to Claim 13, wherein 
the controller is capable of obtaining programmed to obtain at least one role certificate from a 
secondary CA capable of issuing p rocessor programmed to issue at least one role certificate to 
each terminal apparatus of the organization comprising a customer base of a cellular service 
provider that includes a plurality o f terminals apparatuses , each terminal apparatus being at one 
of a plurality of positions comprising a plurality of service plans offered by the cellular network 
operator, and wherein the controller is capable of obtaining programmed to obtain at least one 
permission certificate based upon at least one characteristic comprising at least one optional 
service offered by the cellular network operator. 
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1 5 . (Currently Amended) A t e rminal An apparatus according to Claim 1 3 , wherein 
the controller is capable of obtaining programmed to obtain at least one role certificate from a 
secondary CA capable of i ss uing processor programmed to issue at least one role certificate to 
each terminal apparatus of the organization comprising a customer base of a cellular service 
provider that includes a plurality of terminal s apparatuses , each terminal apparatus being at at 
least one of a plurality of positions comprising a plurality of services offered by the cellular 
network operator, and wherein the controller is capabl e of obtaining programmed to obtain at 
least one permission certificate based upon at least one characteristic comprising at least one 
optional service offered by the cellular network operator. 

16. (Currently Amended) A terminal An apparatus according to Claim 13, wherein 
the controller is capable of obtaining programmed to obtain at least one permission certificate 
each having an associated validity time no greater than a validity time of the at least one role 
certificate obtained by the controller, and no greater than a validity time of the identity 
certificate. 

17. (Currently Amended) A terminal An apparatus according to Claim 16, wherein 
the controller is also capable of communicating programmed to communicate or facilitate 
communication with a server such that the server is capable of authenticating p rogrammed to 
authenticate t he terminal apparatus based upon the validity times of the identity certificate, at 
least one role certificate and at least one permission certificate of the respective terminal 
apparatus . 

18. (Currently Amended) A terminal An apparatus according to Claim 13. wherein 
the controller is capable of requesting programmed to request access to at least one resource of a 
server before the server authenticates the terminal apparatus such that the server is capable of 
granting programmed to grant access to the at least one resource if the terminal apparatus is 
authenticated. 
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